False base station detection based on downlink silent periods

ABSTRACT

Certain aspects of the present disclosure provide techniques for detecting false base stations and transmissions therefrom based on silent periods during which legitimate base stations are to refrain from transmitting at least certain downlink transmissions on at least some downlink resources.

CROSS-REFERENCE TO RELATED APPLICATION(S)

This application claims benefit of and priority to U.S. ProvisionalApplication No. 62/903,219, filed Sep. 20, 2019, which is herebyassigned to the assignee hereof and hereby expressly incorporated byreference herein in its entirety as if fully set forth below and for allapplicable purposes.

BACKGROUND Field of the Disclosure

Aspects of the present disclosure relate to wireless communications, andmore particularly, false base station detection based on downlink silentperiods.

Description of Related Art

Wireless communication systems are widely deployed to provide varioustelecommunication services such as telephony, video, data, messaging,and broadcasts. Typical wireless communication systems may employmultiple-access technologies capable of supporting communication withmultiple users by sharing available system resources (e.g., bandwidth,transmit power). Examples of such multiple-access technologies includeLong Term Evolution (LTE) systems, code division multiple access (CDMA)systems, time division multiple access (TDMA) systems, frequencydivision multiple access (FDMA) systems, orthogonal frequency divisionmultiple access (OFDMA) systems, single-carrier frequency divisionmultiple access (SC-FDMA) systems, and time division synchronous codedivision multiple access (TD-SCDMA) systems.

In some examples, a wireless multiple-access communication system mayinclude a number of base stations, each simultaneously supportingcommunication for multiple communication devices, otherwise known asuser equipment (UEs). In LTE or LTE-A network, a set of one or more basestations may define an eNodeB (eNB). In other examples (e.g., in a nextgeneration or 5G network), a wireless multiple access communicationsystem may include a number of distributed units (DUs) (e.g., edge units(EUs), edge nodes (ENs), radio heads (RHs), smart radio heads (SRHs),transmission reception points (TRPs), etc.) in communication with anumber of central units (CUs) (e.g., central nodes (CNs), access nodecontrollers (ANCs), etc.), where a set of one or more distributed units,in communication with a central unit, may define an access node (e.g., anew radio base station (NR BS), a new radio node-B (NR NB), a networknode, 5G NB, gNB, etc.). A base station or DU may communicate with a setof UEs on downlink channels (e.g., for transmissions from a base stationor to a UE) and uplink channels (e.g., for transmissions from a UE to abase station or distributed unit).

These multiple access technologies have been adopted in varioustelecommunication standards to provide a common protocol that enablesdifferent wireless devices to communicate on a municipal, national,regional, and even global level. An example of an emergingtelecommunication standard is referred to as new radio (NR), forexample, 5G radio access. It is designed to better support mobilebroadband Internet access by improving spectral efficiency, loweringcosts, improving services, making use of new spectrum, and betterintegrating with other open standards using OFDMA with a cyclic prefix(CP) on the downlink (DL) and on the uplink (UL) as well as supportbeamforming, multiple-input multiple-output (MIMO) antenna technology,and carrier aggregation.

However, as the demand for mobile broadband access continues toincrease, there exists a need for further improvements in NR technology.Preferably, these improvements should be applicable to othermulti-access technologies and the telecommunication standards thatemploy these technologies.

BRIEF SUMMARY

The systems, methods, and devices of the disclosure each have severalaspects, no single one of which is solely responsible for its desirableattributes. Without limiting the scope of this disclosure as expressedby the claims, which follow, some features will now be discussedbriefly. After considering this discussion, and particularly afterreading the section entitled “Detailed Description” one will understandhow the features of this disclosure provide advantages that includeimproved communications between access points and stations in a wirelessnetwork.

Certain aspects of the present disclosure provide a method for wirelesscommunications by a first node. The method generally includesidentifying one or more silent periods during which at least a firstbase station is to refrain from at least certain downlink transmissionson at least some downlink resources, detecting one or more downlinktransmissions from a second base station during the one or more silentperiods, and notifying a network entity of the detection.

Certain aspects of the present disclosure provide a method for wirelesscommunication that may be performed by a first base station. The methodgenerally includes sending at least a first node a configurationindicating one or more silent periods during which the first basestation is to refrain from transmitting at least certain downlinktransmissions on at least some downlink resources, refraining fromtransmitting the certain downlink transmissions on the at least somedownlink resources during the silent periods according to theconfiguration, and receiving an indication, from the first wirelessnode, that the first wireless node detected, during at least one of thesilent periods, one or more signals transmitted from a second basestation.

Certain aspects of the present disclosure provide an apparatus forwireless communications. The apparatus generally includes at least oneprocessor configured to: identify one or more silent periods duringwhich at least a first base station is to refrain from at least certaindownlink transmissions on at least some downlink resources, detect oneor more downlink transmissions from a second base station during the oneor more silent periods, and notify a network entity of the detection.The apparatus generally includes a memory coupled with the at least oneprocessor.

Certain aspects of the present disclosure provide an apparatus forwireless communications. The apparatus generally includes at least oneprocessor configured to: send at least a first node a configurationindicating one or more silent periods during which the first basestation is to refrain from transmitting at least certain downlinktransmissions on at least some downlink resources, refrain fromtransmitting the certain downlink transmissions on the at least somedownlink resources during the silent periods according to theconfiguration, and receive an indication, from the first wireless node,that the first wireless node detected, during at least one of the silentperiods, one or more signals transmitted from a second base station. Theapparatus generally includes a memory coupled with the at least oneprocessor.

Aspects generally include methods, apparatus, systems, computer readablemediums, and processing systems, as substantially described herein withreference to and as illustrated by the accompanying drawings.

To the accomplishment of the foregoing and related ends, the one or moreaspects comprise the features hereinafter fully described andparticularly pointed out in the claims. The following description andthe annexed drawings set forth in detail certain illustrative featuresof the one or more aspects. These features are indicative, however, ofbut a few of the various ways in which the principles of various aspectsmay be employed, and this description is intended to include all suchaspects and their equivalents.

BRIEF DESCRIPTION OF THE DRAWINGS

So that the manner in which the above-recited features of the presentdisclosure can be understood in detail, a more particular description,briefly summarized above, may be had by reference to aspects, some ofwhich are illustrated in the appended drawings. It is to be noted,however, that the appended drawings illustrate only certain typicalaspects of this disclosure and are therefore not to be consideredlimiting of its scope, for the description may admit to other equallyeffective aspects.

FIG. 1 is a block diagram conceptually illustrating an exampletelecommunications system, in accordance with certain aspects of thepresent disclosure.

FIG. 2 is a block diagram conceptually illustrating a design of anexample BS and user equipment (UE), in accordance with certain aspectsof the present disclosure.

FIG. 3 illustrates an example of a frame format for a new radio (NR)system, in accordance with certain aspects of the present disclosure.

FIG. 4 illustrates an example false (imposter) base station.

FIG. 5 illustrates example operations for wireless communication by anode, in accordance with certain aspects of the present disclosure.

FIG. 6 illustrates example operations for wireless communication by anetwork entity, in accordance with certain aspects of the presentdisclosure.

FIG. 7 illustrates an example of a frame format for a new radio (NR)system, in accordance with certain aspects of the present disclosure.

FIG. 8 conceptually illustrates transmission signals between alegitimate BS, a false BS, and a UE, in accordance with certain aspectsof the present disclosure.

FIG. 9 conceptually illustrates transmission signals between a false BSand a UE, in accordance with certain aspects of the present disclosure.

FIG. 10 illustrates a communications device that may include variouscomponents configured to perform operations for the techniques disclosedherein in accordance with aspects of the present disclosure.

FIG. 11 illustrates a communications device that may include variouscomponents configured to perform operations for the techniques disclosedherein in accordance with aspects of the present disclosure.

To facilitate understanding, identical reference numerals have beenused, where possible, to designate identical elements that are common tothe figures. It is contemplated that elements disclosed in one aspectmay be beneficially utilized on other aspects without specificrecitation.

DETAILED DESCRIPTION

Aspects of the present disclosure provide apparatus, methods, processingsystems, and computer readable mediums for detecting false base stationand false base station transmissions.

Certain aspects of the present disclosure may be applied to new radio(NR) (new radio access technology or 5G technology). NR may supportvarious wireless communication services, such as Enhanced mobilebroadband (eMBB) targeting wide bandwidth (e.g. 80 MHz beyond),millimeter wave (mmW) targeting high carrier frequency (e.g. 60 GHz),massive MTC (mMTC) targeting non-backward compatible MTC techniques,and/or mission critical targeting ultra-reliable low latencycommunications (URLLC). These services may include latency andreliability requirements. These services may also have differenttransmission time intervals (TTI) to meet respective quality of service(QoS) requirements. In addition, these services may co-exist in the samesubframe.

The following description provides examples, and is not limiting of thescope, applicability, or examples set forth in the claims. Changes maybe made in the function and arrangement of elements discussed withoutdeparting from the scope of the disclosure. Various examples may omit,substitute, or add various procedures or components as appropriate. Forinstance, the methods described may be performed in an order differentfrom that described, and various steps may be added, omitted, orcombined. Also, features described with respect to some examples may becombined in some other examples. For example, an apparatus may beimplemented or a method may be practiced using any number of the aspectsset forth herein. In addition, the scope of the disclosure is intendedto cover such an apparatus or method, which is practiced using otherstructure, functionality, or structure and functionality in addition toor other than the various aspects of the disclosure set forth herein. Itshould be understood that any aspect of the disclosure disclosed hereinmay be embodied by one or more elements of a claim. The word “exemplary”is used herein to mean “serving as an example, instance, orillustration.” Any aspect described herein as “exemplary” is notnecessarily to be construed as preferred or advantageous over otheraspects.

The techniques described herein may be used for various wirelesscommunication networks such as LTE, CDMA, TDMA, FDMA, OFDMA, SC-FDMA andother networks. The terms “network” and “system” are often usedinterchangeably. A CDMA network may implement a radio technology such asUniversal Terrestrial Radio Access (UTRA), cdma2000, etc. UTRA includesWideband CDMA (WCDMA) and other variants of CDMA. cdma2000 coversIS-2000, IS-95 and IS-856 standards. A TDMA network may implement aradio technology such as Global System for Mobile Communications (GSM).An OFDMA network may implement a radio technology such as NR (e.g. 5GRA), Evolved UTRA (E-UTRA), Ultra Mobile Broadband (UMB), IEEE 802.11(Wi-Fi), IEEE 802.16 (WiMAX), IEEE 802.20, Flash-OFDMA, etc. UTRA andE-UTRA are part of Universal Mobile Telecommunication System (UMTS). NRis an emerging wireless communications technology under development inconjunction with the 5G Technology Forum (5GTF). 3GPP Long TermEvolution (LTE) and LTE-Advanced (LTE-A) are releases of UMTS that useE-UTRA. UTRA, E-UTRA, UMTS, LTE, LTE-A and GSM are described indocuments from an organization named “3rd Generation PartnershipProject” (3GPP). cdma2000 and UMB are described in documents from anorganization named “3rd Generation Partnership Project 2” (3GPP2). Thetechniques described herein may be used for the wireless networks andradio technologies mentioned above as well as other wireless networksand radio technologies. For clarity, while aspects may be describedherein using terminology commonly associated with 3G and/or 4G wirelesstechnologies, aspects of the present disclosure can be applied in othergeneration-based communication systems, such as 5G and later, includingNR technologies.

Example Wireless Communications System

FIG. 1 illustrates an example wireless network 100 in which aspects ofthe present disclosure may be performed. For example, the wirelessnetwork 100 have nodes (e.g., UE 120 r, BS 110 a) that may performoperations and procedures to detect false base stations (such asimposter BS 110 r) and transmission therefrom (e.g., as described belowin FIGS. 5-6).

As illustrated in FIG. 1, the wireless network 100 may include a numberof BSs 110 and other network entities. ABS may be a station thatcommunicates with UEs. Each BS 110 may provide communication coveragefor a particular geographic area. In 3GPP, the term “cell” can refer toa coverage area of a Node B and/or a Node B subsystem serving thiscoverage area, depending on the context in which the term is used. In NRsystems, the term “cell” and gNB, Node B, 5G NB, AP, NR BS, NR BS, orTRP may be interchangeable. In some examples, a cell may not necessarilybe stationary, and the geographic area of the cell may move according tothe location of a mobile base station. In some examples, the basestations may be interconnected to one another and/or to one or moreother base stations or network nodes (not shown) in the wireless network100 through various types of backhaul interfaces such as a directphysical connection, a virtual network, or the like using any suitabletransport network.

In general, any number of wireless networks may be deployed in a givengeographic area. Each wireless network may support a particular radioaccess technology (RAT) and may operate on one or more frequencies. ARAT may also be referred to as a radio technology, an air interface,etc. A frequency may also be referred to as a carrier, a frequencychannel, etc. Each frequency may support a single RAT in a givengeographic area in order to avoid interference between wireless networksof different RATs. In some cases, NR or 5G RAT networks may be deployed.

A BS may provide communication coverage for a macro cell, a pico cell, afemto cell, and/or other types of cell. A macro cell may cover arelatively large geographic area (e.g., several kilometers in radius)and may allow unrestricted access by UEs with service subscription. Apico cell may cover a relatively small geographic area and may allowunrestricted access by UEs with service subscription. A femto cell maycover a relatively small geographic area (e.g., a home) and may allowrestricted access by UEs having association with the femto cell (e.g.,UEs in a Closed Subscriber Group (CSG), UEs for users in the home,etc.). A BS for a macro cell may be referred to as a macro BS. A BS fora pico cell may be referred to as a pico BS. A BS for a femto cell maybe referred to as a femto BS or a home BS. In the example shown in FIG.1, the BSs 110 a, 110 b and 110 c may be macro BSs for the macro cells102 a, 102 b and 102 c, respectively. The BS 110 x may be a pico BS fora pico cell 102 x. The BSs 110 y and 110 z may be femto BS for the femtocells 102 y and 102 z, respectively. ABS may support one or multiple(e.g., three) cells.

The wireless network 100 may also include imposter base station (alsoreferred herein as false base station). As used herein, a false basestation refers to a base station that receives or detects a transmissionof data and/or other information from an upstream station (e.g., a BS ora UE) and sends a transmission of the data and/or other information to adownstream station (e.g., a UE or a BS) posing as BS 110 a of wirelessnetwork 100.

The wireless network 100 may be a heterogeneous network that includesBSs of different types, e.g., macro BS, pico BS, femto BS, relays, etc.These different types of BSs may have different transmit power levels,different coverage areas, and different impact on interference in thewireless network 100. For example, macro BS may have a high transmitpower level (e.g., 20 Watts) whereas pico BS, femto BS, and relays mayhave a lower transmit power level (e.g., 1 Watt).

The wireless network 100 may support synchronous or asynchronousoperation. For synchronous operation, the BSs may have similar frametiming, and transmissions from different BSs may be approximatelyaligned in time. For asynchronous operation, the BSs may have differentframe timing, and transmissions from different BSs may not be aligned intime. The techniques described herein may be used for both synchronousand asynchronous operation.

A network controller 130 may couple to a set of BSs and providecoordination and control for these BSs. The network controller 130 maycommunicate with the BSs 110 via a backhaul. The BSs 110 may alsocommunicate with one another, e.g., directly or indirectly via wirelessor wireline backhaul.

The UEs 120 (e.g., 120 x, 120 y, etc.) may be dispersed throughout thewireless network 100, and each UE may be stationary or mobile. A UE mayalso be referred to as a mobile station, a terminal, an access terminal,a subscriber unit, a station, a Customer Premises Equipment (CPE), acellular phone, a smart phone, a personal digital assistant (PDA), awireless modem, a wireless communication device, a handheld device, alaptop computer, a cordless phone, a wireless local loop (WLL) station,a tablet, a camera, a gaming device, a netbook, a smartbook, anultrabook, a medical device or medical equipment, a biometricsensor/device, a wearable device such as a smart watch, smart clothing,smart glasses, a smart wrist band, smart jewelry (e.g., a smart ring, asmart bracelet, etc.), an entertainment device (e.g., a music device, avideo device, a satellite radio, etc.), a vehicular component or sensor,a smart meter/sensor, industrial manufacturing equipment, a globalpositioning system device, or any other suitable device that isconfigured to communicate via a wireless or wired medium. Some UEs maybe considered evolved or machine-type communication (MTC) devices orevolved MTC (eMTC) devices. MTC and eMTC UEs include, for example,robots, drones, remote devices, sensors, meters, monitors, locationtags, etc., that may communicate with a BS, another device (e.g., remotedevice), or some other entity. A wireless node may provide, for example,connectivity for or to a network (e.g., a wide area network such asInternet or a cellular network) via a wired or wireless communicationlink. Some UEs may be considered Internet-of-Things (IoT) devices.

In FIG. 1, a solid line with double arrows indicates desiredtransmissions between a UE and a serving BS, which is a BS designated toserve the UE on the downlink and/or uplink. A dashed line with doublearrows indicates interfering transmissions between a UE and a BS.

Certain wireless networks (e.g., LTE) utilize orthogonal frequencydivision multiplexing (OFDM) on the downlink and single-carrierfrequency division multiplexing (SC-FDM) on the uplink. OFDM and SC-FDMpartition the system bandwidth into multiple (K) orthogonal subcarriers,which are also commonly referred to as tones, bins, etc. Each subcarriermay be modulated with data. In general, modulation symbols are sent inthe frequency domain with OFDM and in the time domain with SC-FDM. Thespacing between adjacent subcarriers may be fixed, and the total numberof subcarriers (K) may be dependent on the system bandwidth. Forexample, the spacing of the subcarriers may be 15 kHz and the minimumresource allocation (called a ‘resource block’) may be 12 subcarriers(or 180 kHz). Consequently, the nominal FFT size may be equal to 128,256, 512, 1024 or 2048 for system bandwidth of 1.25, 2.5, 5, 10 or 20megahertz (MHz), respectively. The system bandwidth may also bepartitioned into subbands. For example, a subband may cover 1.08 MHz(i.e., 6 resource blocks), and there may be 1, 2, 4, 8 or 16 subbandsfor system bandwidth of 1.25, 2.5, 5, 10 or 20 MHz, respectively.

While aspects of the examples described herein may be associated withLTE technologies, aspects of the present disclosure may be applicablewith other wireless communications systems, such as NR.

NR may utilize OFDM with a CP on the uplink and downlink and includesupport for half-duplex operation using TDD. A single component carrierbandwidth of 100 MHz may be supported. NR resource blocks may span 12sub-carriers with a sub-carrier bandwidth of 75 kHz over a 0.1 msduration. Each radio frame may consist of 50 subframes with a length of10 ms. Consequently, each subframe may have a length of 0.2 ms. Eachsubframe may indicate a link direction (i.e., DL or UL) for datatransmission and the link direction for each subframe may be dynamicallyswitched. Each subframe may include DL/UL data as well as DL/UL controldata. UL and DL subframes for NR may be as described in more detailbelow with respect to FIGS. 5 and 6. Beamforming may be supported andbeam direction may be dynamically configured. MIMO transmissions withprecoding may also be supported. MIMO configurations in the DL maysupport up to 8 transmit antennas with multi-layer DL transmissions upto 8 streams and up to 2 streams per UE. Multi-layer transmissions withup to 2 streams per UE may be supported. Aggregation of multiple cellsmay be supported with up to 8 serving cells. Alternatively, NR maysupport a different air interface, other than an OFDM-based. NR networksmay include entities such CUs and/or DUs.

In some examples, access to the air interface may be scheduled, whereina scheduling entity (e.g., a base station) allocates resources forcommunication among some or all devices and equipment within its servicearea or cell. The scheduling entity may be responsible for scheduling,assigning, reconfiguring, and releasing resources for one or moresubordinate entities. That is, for scheduled communication, subordinateentities utilize resources allocated by the scheduling entity. Basestations are not the only entities that may function as a schedulingentity. That is, in some examples, a UE may function as a schedulingentity, scheduling resources for one or more subordinate entities (e.g.,one or more other UEs). In this example, the UE is functioning as ascheduling entity, and other UEs utilize resources scheduled by the UEfor wireless communication. A UE may function as a scheduling entity ina peer-to-peer (P2P) network, and/or in a mesh network. In a meshnetwork example, UEs may optionally communicate directly with oneanother in addition to communicating with the scheduling entity.

Thus, in a wireless communication network with a scheduled access totime-frequency resources and having a cellular configuration, a P2Pconfiguration, and a mesh configuration, a scheduling entity and one ormore subordinate entities may communicate utilizing the scheduledresources.

As noted above, a RAN may include a CU and DUs. A NR BS (e.g., gNB, 5GNode B, Node B, transmission reception point (TRP), access point (AP))may correspond to one or multiple BSs. NR cells can be configured asaccess cell (ACells) or data only cells (DCells). For example, the RAN(e.g., a central unit or distributed unit) can configure the cells.DCells may be cells used for carrier aggregation or dual connectivity,but not used for initial access, cell selection/reselection, orhandover. In some cases, DCells may not transmit synchronizationsignals—in some cases DCells may transmit SS. NR BSs may transmitdownlink signals to UEs indicating the cell type. Based on the cell typeindication, the UE may communicate with the NR BS. For example, the UEmay determine NR BSs to consider for cell selection, access, handover,and/or measurement based on the indicated cell type.

FIG. 2 illustrates example components of the BS 110 and UE 120illustrated in FIG. 1, which may be used to implement aspects of thepresent disclosure. The BS may include a TRP. One or more components ofthe BS 110 and UE 120 may be used to practice aspects of the presentdisclosure. For example, antennas 252, Tx/Rx 254, processors 266, 258,264, and/or controller/processor 280 of the UE 120 and/or antennas 234,processors 220, 230, 238, and/or controller/processor 240 of the BS 110may be used to perform the operations described herein and illustratedwith reference to FIGS. 5 and 6.

FIG. 2 shows a block diagram of a design of a BS 110 and a UE 120, whichmay be one of the BSs and one of the UEs in FIG. 1. For a restrictedassociation scenario, the base station 110 may be the macro BS 110 c inFIG. 1, and the UE 120 may be the UE 120 y. The base station 110 mayalso be a base station of some other type. The base station 110 may beequipped with antennas 234 a through 234 t, and the UE 120 may beequipped with antennas 252 a through 252 r.

At the base station 110, a transmit processor 220 may receive data froma data source 212 and control information from a controller/processor240. The control information may be for the Physical Broadcast Channel(PBCH), Physical Control Format Indicator Channel (PCFICH), PhysicalHybrid ARQ Indicator Channel (PHICH), Physical Downlink Control Channel(PDCCH), etc. The data may be for the Physical Downlink Shared Channel(PDSCH), etc. The processor 220 may process (e.g., encode and symbolmap) the data and control information to obtain data symbols and controlsymbols, respectively. The processor 220 may also generate referencesymbols, e.g., for the primary synchronization signal (PSS), secondarysynchronization signal (SSS), and cell-specific reference signal (CRS).A transmit (TX) multiple-input multiple-output (MIMO) processor 230 mayperform spatial processing (e.g., precoding) on the data symbols, thecontrol symbols, and/or the reference symbols, if applicable, and mayprovide output symbol streams to the modulators (MODs) 232 a through 232t. Each modulator 232 may process a respective output symbol stream(e.g., for OFDM, etc.) to obtain an output sample stream. Each modulator232 may further process (e.g., convert to analog, amplify, filter, andupconvert) the output sample stream to obtain a downlink signal.Downlink signals from modulators 232 a through 232 t may be transmittedvia the antennas 234 a through 234 t, respectively.

At the UE 120, the antennas 252 a through 252 r may receive the downlinksignals from the base station 110 and may provide received signals tothe demodulators (DEMODs) 254 a through 254 r, respectively. Eachdemodulator 254 may condition (e.g., filter, amplify, downconvert, anddigitize) a respective received signal to obtain input samples. Eachdemodulator 254 may further process the input samples (e.g., for OFDM,etc.) to obtain received symbols. A MIMO detector 256 may obtainreceived symbols from all the demodulators 254 a through 254 r, performMIMO detection on the received symbols if applicable, and providedetected symbols. A receive processor 258 may process (e.g., demodulate,deinterleave, and decode) the detected symbols, provide decoded data forthe UE 120 to a data sink 260, and provide decoded control informationto a controller/processor 280.

On the uplink, at the UE 120, a transmit processor 264 may receive andprocess data (e.g., for the Physical Uplink Shared Channel (PUSCH)) froma data source 262 and control information (e.g., for the Physical UplinkControl Channel (PUCCH) from the controller/processor 280. The transmitprocessor 264 may also generate reference symbols for a referencesignal. The symbols from the transmit processor 264 may be precoded by aTX MIMO processor 266 if applicable, further processed by thedemodulators 254 a through 254 r (e.g., for SC-FDM, etc.), andtransmitted to the base station 110. At the BS 110, the uplink signalsfrom the UE 120 may be received by the antennas 234, processed by themodulators 232, detected by a MIMO detector 236 if applicable, andfurther processed by a receive processor 238 to obtain decoded data andcontrol information sent by the UE 120. The receive processor 238 mayprovide the decoded data to a data sink 239 and the decoded controlinformation to the controller/processor 240.

The controllers/processors 240 and 280 may direct the operation at thebase station 110 and the UE 120, respectively. The processor 240 and/orother processors and modules at the base station 110 may perform ordirect, e.g., the execution of the functional blocks illustrated invarious figures, and/or other processes for the techniques describedherein. The processor 280 and/or other processors and modules at the UE120 may also perform or direct, e.g., the execution of thecorresponding/complementary processes for the techniques describedherein and as illustrated in various figures. The memories 242 and 282may store data and program codes for the BS 110 and the UE 120,respectively. A scheduler 244 may schedule UEs for data transmission onthe downlink and/or uplink.

FIG. 3 is a diagram showing an example of a frame format 300 for NR. Thetransmission timeline for each of the downlink and uplink may bepartitioned into units of radio frames. Each radio frame may have apredetermined duration (e.g., 10 ms) and may be partitioned into 10subframes, each of 1 ms, with indices of 0 through 9. Each subframe mayinclude a variable number of slots depending on the subcarrier spacing.Each slot may include a variable number of symbol periods (e.g., 7 or 14symbols) depending on the subcarrier spacing. The symbol periods in eachslot may be assigned indices. A mini-slot, which may be referred to as asub-slot structure, refers to a transmit time interval having a durationless than a slot (e.g., 2, 3, or 4 symbols).

Each symbol in a slot may indicate a link direction (e.g., DL, UL, orflexible) for data transmission and the link direction for each subframemay be dynamically switched. The link directions may be based on theslot format. Each slot may include DL/UL data as well as DL/UL controlinformation.

In NR, a synchronization signal (SS) block is transmitted. The SS blockincludes a PSS, a SSS, and a two symbol PBCH. In some cases, thesesignals are examples of the types of signals that a false BS might fakein order to pose as a legitimate BS. The false BS may also fake othertypes of downlink transmissions (e.g., PDCCH, PDSCH) when posing as alegitimate BS.

The SS block can be transmitted in a fixed slot location, such as thesymbols 0-3 as shown in FIG. 3. The PSS and SSS may be used by UEs forcell search and acquisition. The PSS may provide half-frame timing, theSS may provide the CP length and frame timing. The PSS and SSS mayprovide the cell identity. The PBCH carries some basic systeminformation, such as downlink system bandwidth, timing informationwithin radio frame, SS burst set periodicity, system frame number, etc.The SS blocks may be organized into SS bursts to support beam sweeping.Further system information such as, remaining minimum system information(RMSI), system information blocks (SIBs), other system information (OSI)can be transmitted on a physical downlink shared channel (PDSCH) incertain subframes.

A UE may operate in various radio resource configurations, including aconfiguration associated with transmitting pilots using a dedicated setof resources (e.g., a radio resource control (RRC) dedicated state,etc.) or a configuration associated with transmitting pilots using acommon set of resources (e.g., an RRC common state, etc.). Whenoperating in the RRC dedicated state, the UE may select a dedicated setof resources for transmitting a pilot signal to a network. Whenoperating in the RRC common state, the UE may select a common set ofresources for transmitting a pilot signal to the network. In eithercase, a pilot signal transmitted by the UE may be received by one ormore network access devices, such as an, or a DU, or portions thereof.Each receiving network access device may be configured to receive andmeasure pilot signals transmitted on the common set of resources, andalso receive and measure pilot signals transmitted on dedicated sets ofresources allocated to the UEs for which the network access device is amember of a monitoring set of network access devices for the UE. One ormore of the receiving network access devices, or a CU to which receivingnetwork access device(s) transmit the measurements of the pilot signals,may use the measurements to identify serving cells for the UEs, or toinitiate a change of serving cell for one or more of the UEs.

Example False Base Station Detection Based on Downlink Silent Periods

Certain aspects of the present disclosure are generally directed toprocedures for detecting false BSs and false BS transmissions. Asdescribed above, a false BS (e.g., Imposter 110 r in FIG. 1) is a basestation that may listen (or “eavesdrop”) on a legitimate BS (e.g., BS110 a in FIG. 1), mimic (pose) as the legitimate BS to a UE (e.g., oneof the UEs 120 in FIG. 1) and alter the transmission from the legitimateBS. As described below, a node (such as a special UE 120 r, thelegitimate BS itself, or another BS), may be configured to detect afalse BS based by monitoring for transmissions during silent periodswhen the legitimate BS refrains from transmitting.

As illustrated in FIG. 4, when posing as a legitimate BS to the UE, thefalse BS may send downlink transmissions (e.g., reference signals and/orchannels and/or downlink messages) to the UE that may fool the UE intothinking the downlink transmissions are from the legitimate BS. In thismanner, the false BS may attack the UE at a physical layer, and maypotentially dupe application layer software.

In certain aspects, the false BS broadcasts transmission signals (e.g.,synchronization signals (SSBs)) to make UE to camp on it. In certainaspects, the false BS may transmit signals and/or channels and/ormessages that are not transmitted by the legitimate BS. The false BS maymodify the content of signals and/or channels and/or messages that aretransmitted by the legitimate BS. The false BS may also selectively dropimportant signals and/or channels and/or messages (e.g., page) that aretransmitted by the legitimate BS.

In some cases, the false BS may intercept (e.g., eavesdrop on) thesignals and/or channels from the legitimate BS. When the false BSintercepts signals and/or channels from the legitimate BS, the false BSmay extract information from these signals and/or channels. For example,the false BS may determine time and frequency resources used fortransmitting SSBs. The false BS may also determine the cell ID (based onthe primary synchronization signal (PSS) and secondary synchronizationsignal (SSS)) and/or IDs assigned to the UE (e.g., a cell specific radionetwork temporary identifier (C-RNTI)) and/or other information specificassociated with the cell of the legitimate BS. With the extractedinformation, the false BS may generate and broadcast a reference signalto the UE to lure a UE to camp on the false BS. Once the UE synchronizeswith the BS, the false BS may send other signals, channels and messagesthat would normally be transmitted by the legitimate BS using theextracted information. Accordingly, the false BS may dupe the UE intosending signals and/or channels to the false BS.

The techniques disclosed herein help detect false base stations andtransmissions therefrom, which may prevent attacks to the UE.

In some cases, a false base station (FBS) may be detected by receiving asignal at a first node, comparing it to a reference signal (e.g., areference downlink transmissions) that was sent by a second node (e.g.,a legitimate BS). Examples of the reference signal for comparisoninclude in-phase and quadrature (I-Q) samples, channels (e.g., SSB,physical downlink control channel (PDCCH), and physical downlink sharedchannel (PDSCH)), statistics of the channel (e.g., count of page, PDCCH,etc.). Based on the comparison, the first node may determine if a falseBS is present. The first (detecting) node can be the same as the secondnode (e.g., a legitimate BS) or the first node could be another BS or aUE that is specially deployed for the purpose of detecting a false BS.

In some cases, detection of the false BS may be based on the detectionof a cell specific or UE specific signal and/or channel transmitted bythe false BS, such as an SSB that carries the same cell ID as thelegitimate BS. As another example, a cell-specific channel transmittedby the false BS may be a PDCCH, for broadcast information (e.g., PDCCHfor system information block (SIB)) and/or a corresponding PDSCH (e.g.,SIB). In some cases, a UE specific signal transmitted by the false BSmay include a UE specific channel, such as a PDCCH scrambled by C-RNTIof a UE and/or corresponding PDSCH.

Certain aspects of the present disclosure provide a mechanism that mayaid in such detection of false BSs and false BS transmissions byutilizing downlink silent periods. As used herein, the term downlinksilent period generally refers to a certain period of time in which alegitimate BS refrains from sending (or “mutes”) at least certaindownlink (DL) transmissions on at least some downlink resources. Forexample, a legitimate BS may be configured to refrain from transmittingin a set of slots and/or to refrain from transmitting in a set of DLsymbols in a slot during a silent period.

As will be described in greater detail below, in some cases, alegitimate BS may stop its DL transmission in silent periods in apattern unknown to the false BS (but known by a detecting node). Thus,with knowledge of this pattern, a detecting node may conclude thatdownlink transmissions sent during the silent period that appear to befrom the legitimate BS are actually from a false BS. The use of silentperiods in this manner may be especially useful in detecting a false BSthat uses the same cell ID as a legitimate BS.

FIG. 5 illustrates example operations 500 for wireless communication bya node as part of a false BS detection procedure based on downlinksilent periods, in accordance with certain aspects of the presentdisclosure. Operations 500 may be performed, for example, by a node,such as a UE 120 of FIG. 1 (or one or more of the processors thereofshown in FIG. 2) or a legitimate (or other) BS 110 of FIG. 1.

Operations 500 begin, at 502, by identifying one or more silent periodsduring which at least a first base station is to refrain from at leastcertain downlink transmissions on at least some downlink resources. At504, the node detects one or more downlink transmissions from a secondbase station during the one or more silent periods. At 506, the nodenotifies a network entity of the detection.

FIG. 6 illustrates example operations 600 that may be performed by afirst base station as part of a false BS detection procedure, inaccordance with certain aspects of the present disclosure. Operations600 may be performed by a base station, such as base station (gNB) 110of FIG. 1 (or one or more of the processors thereof shown in FIG. 2)with a UE or other node performing operations 500 described above.

Operations 600 begin, at 602, by identifying one or more silent periodsduring which the first base station is to refrain from transmitting atleast certain downlink transmissions on at least some downlinkresources. At 604, the BS refrains from transmitting the certaindownlink transmissions on the at least some downlink resources duringthe silent periods. At 606, the BS receives an indication that at leasta first wireless node detected, during at least one of the silentperiods, one or more signals transmitted from a second base station.

In some cases, a node, such as a special UE or a base station (includinga legitimate BS itself), may detect a false BS by relying on thelegitimate BS to refrain from sending (at least certain types of)downlink transmissions (on at least some downlink resources) duringsilent periods and monitoring for transmissions during those silentperiods. For example, the monitoring node may detect a false BS if itdetects signals made to appear they come from the legitimate basedstation, but may be transmitted during a silent period during which thelegitimate base station is to refrain from transmitting (a silentperiod).

In order to monitor silent periods, a monitoring node may need toidentify the silent periods. In some cases, a monitoring node mayreceive an indication of the silent periods, for example, in aconfiguration. In some cases, the indication may be provided as apattern of silent periods. The pattern may be configured by a network ormay be generated by the legitimate base station itself. If themonitoring node is a UE, the pattern may be provided by a BS. If themonitoring node is a BS, the pattern may be provided by the networkthrough the backhaul.

For example, as illustrated in FIG. 7, the pattern may indicate a firstset of slots and/or sets of downlink symbols each within one of a secondset of slots. In FIG. 7, an “X” indicates a slot and/or symbolcorresponding to a silent period during which a legitimate BS mutes orrefrains from transmitting at least some downlink transmissions.

If the pattern is configured by the network, an indication of thepattern may be conveyed to the legitimate BS (and optionally to pass onto a monitoring node if the monitoring node is separate from thelegitimate BS) or to both the legitimate BS and the monitoring node. Ifthe pattern is only indicated to the legitimate BS, the network mayjudge whether a false BS exists based on a report from the monitoringnode(s) about the DL signals/channels detected during the silentperiods. Alternatively, the legitimate BS may judge whether a false BSexists if the monitoring node(s) send a report to the legitimate BSabout the DL signals/channels detected during the silent periods. If thepattern is indicated to both the legitimate BS and monitoring node(s),the monitoring node(s) themselves may judge whether a false BS existsand report the result to network. If the pattern is configured by thelegitimate BS itself and the legitimate BS is a monitoring node, thelegitimate BS may judge whether a false BS exists based on the detectionof DL transmissions that the legitimate BS has refrained fromtransmitting in the silent period. The legitimate BS may further reportthe detection result of the false BS to the network. If the pattern isconfigured by the legitimate BS itself and the legitimate BS is not amonitoring node, the legitimate BS may judge whether a false BS existsif the monitoring node(s) send a report to the legitimate BS about theDL signals/channels detected during the silent periods. Alternatively,if the pattern is configured by the legitimate BS itself, the legitimateBS can send the pattern to the network, and the network may judgewhether a false BS exists based on a report from the monitoring node(s)about the DL signals/channels detected during the silent periods.

If the pattern is configured by the network and conveyed to monitoringnode, and if the monitoring node is a UE, the pattern configuration maybe transmitted in an encrypted message over the air so that the false BSis unable to read the pattern and mute its DL in the same way asindicated by the pattern.

Further, in order to avoid the pattern being detected by the FBS,scheduling information of DL channels or signals of the legitimate BSshould not reflect the silent period pattern. For example, a legitimateBS may not transmit a PDSCH, channel state information reference signal(CSI-RS), and/or tracking reference signal (TRS) inside a silent periodeven though it has transmitted the corresponding scheduling PDCCHoutside of the silent period (the silent period may take priority of thescheduled transmission). In another example, the legitimate BS may dropan SSB transmission in the silent period (as shown in FIG. 7).

There may be limited impact to giving priority to muting in silentperiods over otherwise scheduled transmissions, in this manner. Forexample, a UE that is in the coverage of a legitimate BS mayoccasionally fail to receive a scheduled PDSCH and may, therefore,report a negative Acknowledgment (NAK). As long as the silent periodsare not configured too often, this impact will be relatively small.

As noted above, a legitimate BS may refrain from transmitting alldownlink transmissions or only certain downlink transmissions in asilent period. For example, in some cases, only certain signals (e.g.,CSI-RS, TRS, PSS, SSS) or channels (e.g., physical broadcast channel(PBCH), PDCCH, and PDSCH) are not transmitted (while othersignals/channels may be transmitted or transmitted on different downlinkresources).

As noted above, the monitoring node configured to monitor for downlinktransmissions during downlink silent periods may be a specially deployedUE, base station, or even the legitimate base station that is refrainingfrom transmitting during the downlink silent periods. It should be notedthat, because the legitimate BS is refraining from transmitting duringthe downlink silent periods, both half duplex and full duplex basestations may be able to act as monitoring nodes.

FIG. 8 illustrates a scenario with a legitimate BS detecting downlinktransmissions sent by a false BS during a silent period. As noted above,by listening (eavesdropping) transmission from the legitimate BS, afalse BS may extract sufficient information to generate its own downlinktransmissions that appear to be from the legitimate BS. However, thefalse BS may not have information regarding the downlink silent periods.

Therefore, as illustrated in FIG. 8, when the legitimate BS drops ormutes downlink transmissions during downlink silent periods, thelegitimate BS can monitor to detect downlink transmissions targeting UEsof the legitimate BS's cell in the downlink silent period (e.g., SSBwith the same cell ID, PDCCH scrambled by a RNTI for the UE(s) in thelegitimate BS's cell). If the legitimate BS detects downlinktransmissions during the silent period, it can infer a false BS existsand can take action (e.g., the legitimate BS can report detection of thefalse BS to the network).

As noted above, steps may be taken to keep a false BS from detecting thepattern of downlink silent periods. For example, the pattern (generatedby the legitimate BS or network) may be conveyed to a monitoring node inan encrypted message. If a legitimate BS is the monitoring node, thelegitimate BS may randomly choose the (pattern of) silent periodsitself.

FIG. 9 illustrates a scenario with a special UE as the monitoring nodedetecting downlink transmissions sent by a false BS during a silentperiod. While FIG. 9 shows a special UE reporting feedback information,the operations performed by the special UE may be performed by anothertype of node, such as another BS.

As illustrated in FIG. 9, a legitimate BS drops or mutes downlinktransmissions during the silent period. With knowledge of the pattern ofdownlink silent periods, the UE monitors reception of downlinktransmissions during the silent period (e.g., SSB with same cell ID asthat of the legitimate BS, PDCCH scrambled by a RNTI for this UE). Ifthe UE detects downlink transmissions during the silent period, it maydeclare a false BS exists and report detection of the false BS to thenetwork. In some cases, upon detection, the UE may also inform/notifyother UEs (e.g., not configured with the silent period pattern) todiscard those downlink transmissions sent by the false BS (e.g., via asidelink connection used for direction connection between UEs).

FIG. 10 illustrates a communications device 1000 that may includevarious components (e.g., corresponding to means-plus-functioncomponents) configured to perform operations for the techniquesdisclosed herein, such as the operations illustrated in FIG. 5. Thecommunications device 1000 includes a processing system 1002 coupled toa transceiver 1008 (e.g., a transmitter and/or a receiver). Thetransceiver 1008 is configured to transmit and receive signals for thecommunications device 1000 via an antenna 1010, such as the varioussignals as described herein. The processing system 1002 may beconfigured to perform processing functions for the communications device1000, including processing signals received and/or to be transmitted bythe communications device 1000.

The processing system 1002 includes a processor 1004 coupled to acomputer-readable medium/memory 1012 via a bus 1006. In certain aspects,the computer-readable medium/memory 1012 is configured to storeinstructions (e.g., computer-executable code) that when executed by theprocessor 1004, cause the processor 1004 to perform the operationsillustrated in FIG. 5, or other operations for performing the varioustechniques discussed herein for false base station detection based ondownlink silent periods. In certain aspects, computer-readablemedium/memory 1012 stores code 1014 for identifying one or more silentperiods during which at least a first base station is to refrain from atleast certain downlink transmissions on at least some downlinkresources; code 1016 for detecting one or more downlink transmissionfrom a second base station during the one or more silent periods; andcode 1018 for notifying a network entity of the detection. In certainaspects, the processor 1004 has circuitry configured to implement thecode stored in the computer-readable medium/memory 1012. The processor1004 includes circuitry 1024 for identifying one or more silent periodsduring which at least a first base station is to refrain from at leastcertain downlink transmissions on at least some downlink resources;circuitry 1026 for detecting one or more downlink transmission from asecond base station during the one or more silent periods; and circuitry1028 for notifying a network entity of the detection.

FIG. 11 illustrates a communications device 1100 that may includevarious components (e.g., corresponding to means-plus-functioncomponents) configured to perform operations for the techniquesdisclosed herein, such as the operations illustrated in FIG. 6. Thecommunications device 1100 includes a processing system 1102 coupled toa transceiver 1108 (e.g., a transmitter and/or a receiver). Thetransceiver 1108 is configured to transmit and receive signals for thecommunications device 1100 via an antenna 1110, such as the varioussignals as described herein. The processing system 1102 may beconfigured to perform processing functions for the communications device1100, including processing signals received and/or to be transmitted bythe communications device 1100.

The processing system 1102 includes a processor 1104 coupled to acomputer-readable medium/memory 1112 via a bus 1106. In certain aspects,the computer-readable medium/memory 1112 is configured to storeinstructions (e.g., computer-executable code) that when executed by theprocessor 1104, cause the processor 1104 to perform the operationsillustrated in FIG. 6, or other operations for performing the varioustechniques discussed herein for false base station detection based ondownlink silent periods. In certain aspects, computer-readablemedium/memory 1112 stores code 1114 for identifying one or more silentperiods during which a first base station is to refrain fromtransmitting at least certain downlink transmissions on at least somedownlink resources; code 1116 for refraining from transmitting thecertain downlink transmissions on the at least some downlink resourcesduring the silent period; and code 1118 for receiving an indication thatat least a first node detected, during at least one of the silentperiods, one or more signals transmitted from a second base station. Incertain aspects, the processor 1104 has circuitry configured toimplement the code stored in the computer-readable medium/memory 1112.The processor 1104 includes circuitry 1124 for identifying one or moresilent periods during which a first base station is to refrain fromtransmitting at least certain downlink transmissions on at least somedownlink resources; circuitry 1126 for transmitting the certain downlinktransmissions on the at least some downlink resources during the silentperiod; circuitry 1128 for receiving an indication that at least a firstnode detected, during at least one of the silent periods, one or moresignals transmitted from a second base station.

The previous description is provided to enable any person skilled in theart to practice the various aspects described herein. Variousmodifications to these aspects will be readily apparent to those skilledin the art, and the generic principles defined herein may be applied toother aspects. Thus, the claims are not intended to be limited to theaspects shown herein, but is to be accorded the full scope consistentwith the language claims, wherein reference to an element in thesingular is not intended to mean “one and only one” unless specificallyso stated, but rather “one or more.” Unless specifically statedotherwise, the term “some” refers to one or more. All structural andfunctional equivalents to the elements of the various aspects describedthroughout this disclosure that are known or later come to be known tothose of ordinary skill in the art are expressly incorporated herein byreference and are intended to be encompassed by the claims. Moreover,nothing disclosed herein is intended to be dedicated to the publicregardless of whether such disclosure is explicitly recited in theclaims. No claim element is to be construed under the provisions of 35U.S.C. § 112, sixth paragraph, unless the element is expressly recitedusing the phrase “means for” or, in the case of a method claim, theelement is recited using the phrase “step for.”

The various operations of methods described above may be performed byany suitable means capable of performing the corresponding functions.The means may include various hardware and/or software component(s)and/or module(s), including, but not limited to a circuit, anapplication specific integrated circuit (ASIC), or processor. Generally,where there are operations illustrated in figures, those operations mayhave corresponding counterpart means-plus-function components.

As used herein, the term “determining” encompasses a wide variety ofactions. For example, “determining” may include calculating, computing,processing, deriving, investigating, looking up (e.g., looking up in atable, a database or another data structure), ascertaining and the like.Also, “determining” may include receiving (e.g., receiving information),accessing (e.g., accessing data in a memory) and the like. Also,“determining” may include resolving, selecting, choosing, establishingand the like.

As used herein, a phrase referring to “at least one of” a list of itemsrefers to any combination of those items, including single members. Asan example, “at least one of: a, b, or c” is intended to cover a, b, c,a-b, a-c, b-c, and a-b-c, as well as combinations that include multiplesof one or more members (aa, bb, and/or cc).

The various illustrative logical blocks, modules and circuits describedin connection with the present disclosure may be implemented orperformed with a general purpose processor, a digital signal processor(DSP), an application specific integrated circuit (ASIC), a fieldprogrammable gate array (FPGA) or other programmable logic device (PLD),discrete gate or transistor logic, discrete hardware components, or anycombination thereof designed to perform the functions described herein.A general-purpose processor may be a microprocessor, but in thealternative, the processor may be any commercially available processor,controller, microcontroller, or state machine. A processor may also beimplemented as a combination of computing devices, e.g., a combinationof a DSP and a microprocessor, a plurality of microprocessors, one ormore microprocessors in conjunction with a DSP core, or any other suchconfiguration. For example, operations shown in FIGS. 5 and 6 may beperformed by one or more processors of the UE 120 and/or base station110 shown in FIG. 2.

The steps of a method or algorithm described in connection with thepresent disclosure may be embodied directly in hardware, in a softwaremodule executed by a processor, or in a combination of the two. Asoftware module may reside in any form of storage medium that is knownin the art. Some examples of storage media that may be used includerandom access memory (RAM), read only memory (ROM), flash memory, EPROMmemory, EEPROM memory, registers, a hard disk, a removable disk, aCD-ROM and so forth. A software module may comprise a singleinstruction, or many instructions, and may be distributed over severaldifferent code segments, among different programs, and across multiplestorage media. A storage medium may be coupled to a processor such thatthe processor can read information from, and write information to, thestorage medium. In the alternative, the storage medium may be integralto the processor.

The methods disclosed herein comprise one or more steps or actions forachieving the described method. The method steps and/or actions may beinterchanged with one another without departing from the scope of theclaims. In other words, unless a specific order of steps or actions isspecified, the order and/or use of specific steps and/or actions may bemodified without departing from the scope of the claims.

Means for receiving or means for obtaining may include a receiver (suchas the receive processor 338) or an antenna(s) 334 of the access point110 or the receive processor 358 or antenna(s) 352 of the station 120illustrated in FIG. 3. Means for transmitting or means for outputtingmay include a transmitter (such as the transmit processor 320) or anantenna(s) 334 of the access point 110 or the transmit processor 364 orantenna(s) 352 of the station 120 illustrated in FIG. 3. Means forassociating, means for determining, means for monitoring, means fordeciding, means for providing, means for detecting, means forperforming, and/or means for setting may include a processing system,which may include one or more processors, such as the receive processor338/358, the transmit processor 320/364, the TX MIMO processor 330/366,or the controller 340/380 of the access point 110 and station 120illustrated in FIG. 3.

In some cases, rather than actually transmitting a frame a device mayhave an interface to output a frame for transmission (a means foroutputting). For example, a processor may output a frame, via a businterface, to a radio frequency (RF) front end for transmission.Similarly, rather than actually receiving a frame, a device may have aninterface to obtain a frame received from another device (a means forobtaining). For example, a processor may obtain (or receive) a frame,via a bus interface, from an RF front end for reception.

The functions described may be implemented in hardware, software,firmware, or any combination thereof. If implemented in hardware, anexample hardware configuration may comprise a processing system in awireless node. The processing system may be implemented with a busarchitecture. The bus may include any number of interconnecting busesand bridges depending on the specific application of the processingsystem and the overall design constraints. The bus may link togethervarious circuits including a processor, machine-readable media, and abus interface. The bus interface may be used to connect a networkadapter, among other things, to the processing system via the bus. Thenetwork adapter may be used to implement the signal processing functionsof the PHY layer. In the case of a user terminal 120 (see FIG. 1), auser interface (e.g., keypad, display, mouse, joystick, etc.) may alsobe connected to the bus. The bus may also link various other circuitssuch as timing sources, peripherals, voltage regulators, powermanagement circuits, and the like, which are well known in the art, andtherefore, will not be described any further.

The processor may be responsible for managing the bus and generalprocessing, including the execution of software stored on themachine-readable media. The processor may be implemented with one ormore general-purpose and/or special-purpose processors. Examples includemicroprocessors, microcontrollers, DSP processors, and other circuitrythat can execute software. Software shall be construed broadly to meaninstructions, data, or any combination thereof, whether referred to assoftware, firmware, middleware, microcode, hardware descriptionlanguage, or otherwise. Machine-readable media may include, by way ofexample, RAM (Random Access Memory), flash memory, ROM (Read OnlyMemory), PROM (Programmable Read-Only Memory), EPROM (ErasableProgrammable Read-Only Memory), EEPROM (Electrically ErasableProgrammable Read-Only Memory), registers, magnetic disks, opticaldisks, hard drives, or any other suitable storage medium, or anycombination thereof. The machine-readable media may be embodied in acomputer-program product. The computer-program product may comprisepackaging materials.

In a hardware implementation, the machine-readable media may be part ofthe processing system separate from the processor. However, as thoseskilled in the art will readily appreciate, the machine-readable media,or any portion thereof, may be external to the processing system. By wayof example, the machine-readable media may include a transmission line,a carrier wave modulated by data, and/or a computer product separatefrom the wireless node, all which may be accessed by the processorthrough the bus interface. Alternatively, or in addition, themachine-readable media, or any portion thereof, may be integrated intothe processor, such as the case may be with cache and/or generalregister files.

The processing system may be configured as a general-purpose processingsystem with one or more microprocessors providing the processorfunctionality and external memory providing at least a portion of themachine-readable media, all linked together with other supportingcircuitry through an external bus architecture. Alternatively, theprocessing system may be implemented with an ASIC (Application SpecificIntegrated Circuit) with the processor, the bus interface, the userinterface in the case of an access terminal), supporting circuitry, andat least a portion of the machine-readable media integrated into asingle chip, or with one or more FPGAs (Field Programmable Gate Arrays),PLDs (Programmable Logic Devices), controllers, state machines, gatedlogic, discrete hardware components, or any other suitable circuitry, orany combination of circuits that can perform the various functionalitydescribed throughout this disclosure. Those skilled in the art willrecognize how best to implement the described functionality for theprocessing system depending on the particular application and theoverall design constraints imposed on the overall system.

The machine-readable media may comprise a number of software modules.The software modules include instructions that, when executed by theprocessor, cause the processing system to perform various functions. Thesoftware modules may include a transmission module and a receivingmodule. Each software module may reside in a single storage device or bedistributed across multiple storage devices. By way of example, asoftware module may be loaded into RAM from a hard drive when atriggering event occurs. During execution of the software module, theprocessor may load some of the instructions into cache to increaseaccess speed. One or more cache lines may then be loaded into a generalregister file for execution by the processor. When referring to thefunctionality of a software module below, it will be understood thatsuch functionality is implemented by the processor when executinginstructions from that software module.

If implemented in software, the functions may be stored or transmittedover as one or more instructions or code on a computer-readable medium.Computer-readable media include both computer storage media andcommunication media including any medium that facilitates transfer of acomputer program from one place to another. A storage medium may be anyavailable medium that can be accessed by a computer. By way of example,and not limitation, such computer-readable media can comprise RAM, ROM,EEPROM, CD-ROM or other optical disk storage, magnetic disk storage orother magnetic storage devices, or any other medium that can be used tocarry or store desired program code in the form of instructions or datastructures and that can be accessed by a computer. Also, any connectionis properly termed a computer-readable medium. For example, if thesoftware is transmitted from a website, server, or other remote sourceusing a coaxial cable, fiber optic cable, twisted pair, digitalsubscriber line (DSL), or wireless technologies such as infrared (IR),radio, and microwave, then the coaxial cable, fiber optic cable, twistedpair, DSL, or wireless technologies such as infrared, radio, andmicrowave are included in the definition of medium. Disk and disc, asused herein, include compact disc (CD), laser disc, optical disc,digital versatile disc (DVD), floppy disk, and Blu-ray® disc where disksusually reproduce data magnetically, while discs reproduce dataoptically with lasers. Thus, in some aspects computer-readable media maycomprise non-transitory computer-readable media (e.g., tangible media).In addition, for other aspects computer-readable media may comprisetransitory computer-readable media (e.g., a signal). Combinations of theabove should also be included within the scope of computer-readablemedia.

Thus, certain aspects may comprise a computer program product forperforming the operations presented herein. For example, such a computerprogram product may comprise a computer-readable medium havinginstructions stored (and/or encoded) thereon, the instructions beingexecutable by one or more processors to perform the operations describedherein. For certain aspects, the computer program product may includepackaging material.

Further, it should be appreciated that modules and/or other appropriatemeans for performing the methods and techniques described herein can bedownloaded and/or otherwise obtained by a user terminal and/or accesspoint as applicable. For example, such a device can be coupled to aserver to facilitate the transfer of means for performing the methodsdescribed herein. Alternatively, various methods described herein can beprovided via storage means (e.g., RAM, ROM, a physical storage mediumsuch as a compact disc (CD) or floppy disk, etc.), such that a userterminal and/or access point can obtain the various methods uponcoupling or providing the storage means to the device. Moreover, anyother suitable technique for providing the methods and techniquesdescribed herein to a device can be utilized.

It is to be understood that the claims are not limited to the preciseconfiguration and components illustrated above. Various modifications,changes and variations may be made in the arrangement, operation anddetails of the methods and apparatus described above without departingfrom the scope of the claims.

1. An apparatus for wireless communications, comprising: at least oneprocessor configured to: identify one or more silent periods duringwhich at least a first base station is to refrain from at least certaindownlink transmissions on at least some downlink resources; detect oneor more downlink transmissions from a second base station during the oneor more silent periods; and notify a network entity of the detection;and a memory coupled with the at least one processor.
 2. The apparatusof claim 1, wherein the certain downlink transmissions comprise at leastone of channel state information reference signal (CSI-RS), trackingreference signal (TRS), synchronization signal block (SSB), physicaldownlink control channel (PDCCH), or physical downlink shared channel(PDSCH) transmissions.
 3. The apparatus of claim 1, wherein the at leastone processor is further configured to determine the second base stationis posing as the first base station based on the detection.
 4. Theapparatus of claim 1, wherein the silent periods are identified based ona pattern, wherein the first base station generates the pattern, andwherein the at least one processor is further configured to receive aconfiguration indicating a pattern identifying the silent periods. 5.The apparatus of claim 4, wherein receiving the configuration comprisesreceiving an encrypted message comprising the pattern identifying thesilent periods.
 6. The apparatus of claim 4, wherein the patternindicates at least one of: a first set of slots corresponding to thesilent periods; or sets of downlink symbols each within a slot of asecond set of slots corresponding to the silent periods, wherein thedownlink symbols comprise symbols that can be determined as downlinksemi-statically, semi-persistently or dynamically determined asdownlink.
 7. The apparatus of claim 1, wherein one or more downlinktransmissions detected from the second base station comprise at leastone of a cell-specific signal or a user equipment (UE)-specific signal;wherein the cell-specific signal comprises at least one of: asynchronization signal block (SSB) that carries a same cell identifier(ID) as the first base station; or a first physical downlink controlchannel (PDCCH); or a first physical downlink shared channel (PDSCH);and wherein the UE-specific signal comprises at least one of: a secondPDCCH scrambled by a UE-specific identifier (ID); or a second PDSCHscheduled by a third PDCCH scrambled by a UE-specific ID.
 8. Theapparatus of claim 1, wherein the apparatus comprises the first basestation.
 9. The apparatus of claim 8, wherein: the silent periods arerandomly chosen by the first base station.
 10. The apparatus of claim 1,wherein the apparatus comprises a node that is deployed in a network topassively listen to detect imposter base stations for security purposes.11. The apparatus of claim 10, wherein the apparatus comprises one of: astationary node; a stationary user equipment (UE); or a mobile UEdesigned to roam the network to passively listen to detect imposter basestations in different locations.
 12. The apparatus of claim 1, whereinthe identifying comprises identifying silent periods during which afirst base station refrains from at least certain downlink transmissionson at least some downlink resources.
 13. The apparatus of claim 1,wherein the apparatus is configured to detect downlink transmissionsbased on one or more silent period patterns, each associated with adifferent first base station.
 14. The apparatus of claim 1, wherein theapparatus is configured to detect downlink transmissions transmitted byone or more second base stations.
 15. The apparatus of claim 1, whereinthe apparatus comprises one of a plurality of first nodes configured todetect downlink transmissions based on the same silent period patternassociated with the same first base station.
 16. The apparatus of claim1, wherein the apparatus comprises one of a plurality of first nodesconfigured to detect downlink transmissions transmitted by the samesecond base station.
 17. The apparatus of claim 1, wherein the at leastone processor is further configured to notify one or more other nodesthat are not configured with information identifying silent periods ofthe detection.
 18. An apparatus for wireless communications, comprising:at least one processor configured to: identify one or more silentperiods during which the apparatus is to refrain from transmitting atleast certain downlink transmissions on at least some downlinkresources; refrain from transmitting the certain downlink transmissionson the at least some downlink resources during the silent periods; andreceive an indication that at least a first node detected, during atleast one of the silent periods, one or more signals transmitted from asecond base station; and a memory coupled with the at least oneprocessor.
 19. The apparatus of claim 18, wherein the certain downlinktransmissions comprise at least one of channel state informationreference signal (CSI-RS), tracking reference signal (TRS),synchronization signal block (SSB), physical downlink control channel(PDCCH), or physical downlink shared channel (PDSCH) transmissions. 20.The apparatus of claim 18, wherein the at least one processor is furtherconfigured to determine the second base station is posing as theapparatus based on the indication.
 21. The apparatus of claim 18,wherein the at least one processor is further configured to send thefirst node an indication of the silent periods.
 22. The apparatus ofclaim 21, wherein the silent periods are indicated by a pattern in aconfiguration; and wherein the apparatus generates the pattern.
 23. Theapparatus of claim 22, wherein the configuration is provided in anencrypted message.
 24. The apparatus of claim 22, wherein the patternindicates at least one of: a first set of slots corresponding to thesilent periods; or sets of downlink symbols, each within a slot of asecond set of slots corresponding to the silent periods, wherein thedownlink symbols comprise symbols that can be determined as downlinksemi-statically, semi-persistently or dynamically determined asdownlink.
 25. The apparatus of claim 18, wherein the certain downlinktransmissions comprise at least one of a cell-specific signal or a userequipment (UE)-specific signal; wherein the cell-specific signalcomprises at least one of: a synchronization signal block (SSB) thatcarries a same cell identifier (ID) as the apparatus; or a firstphysical downlink control channel (PDCCH); or a first physical downlinkshared channel (PDSCH); and wherein the UE-specific signal comprises atleast one of: a second PDCCH scrambled by a UE-specific identifier (ID);or a second PDSCH scheduled by a third PDCCH scrambled by a UE-specificID.
 26. The apparatus of claim 18, wherein: the silent periods arerandomly chosen by the apparatus.
 27. The apparatus of claim 26, whereinthe first node comprises a node that is deployed in a network topassively listen to detect imposter base stations for security purposes.28. The apparatus of claim 26, wherein the first node comprises one of:a stationary node; a stationary user equipment (UE); or a mobile UEdesigned to roam a network to passively listen to detect imposter basestations in different locations.
 29. A method for wirelesscommunications by a first node, the method comprising: identifying oneor more silent periods during which at least a first base station is torefrain from at least certain downlink transmissions on at least somedownlink resources; detecting one or more downlink transmissions from asecond base station during the one or more silent periods; and notifyinga network entity of the detection.
 30. A method for wirelesscommunications by a first base station, the method comprising:identifying one or more silent periods during which the first basestation is to refrain from transmitting at least certain downlinktransmissions on at least some downlink resources; refraining fromtransmitting the certain downlink transmissions on the at least somedownlink resources during the silent periods; and receiving anindication that at least a first node detected, during at least one ofthe silent periods, one or more signals transmitted from a second basestation.